CVE-2014-9042

{"id": "CVE-2014-9042", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-02-04T18:59:02.620", "references": [{"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-028", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-028", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041."}, {"lang": "es", "value": "Vulnerabilidad de XSS en la funcionalidad de importaci\u00f3n en la aplicaci\u00f3n bookmarks en ownCloud anterior a 5.0.18, 6.x anterior a 6.0.6, y 7.x anterior a 7.0.3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios mediante la importaci\u00f3n un enlac\u00e9 con un protocolo no especificado. NOTA: esto puede ser aprovechado por atacantes remotos que utilizan CVE-2014-9041."}], "lastModified": "2024-11-21T02:20:09.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1258D6F1-DB48-4C47-AE81-F3E4FC79F6C4", "versionEndIncluding": "5.0.17"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43448288-B129-4210-9680-55836869F09F"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CFC0B6E-54A4-45DD-94FA-CB03E7DC36DE"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35B4DF76-DD0D-4635-B26E-033542F26684"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A92D0B1D-1AEE-4098-AD25-42D3FD839F34"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D3240A4-27D1-475D-8AB1-79D54E549818"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96C89F7E-F835-4DA3-9506-70545DD95834"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDE53A52-6BEB-47E8-A1BE-A094B4B066DD"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD65CEF7-238A-4F0E-9203-3C9EB0DECF14"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}